Skip to content
ATO Pathways
  Log In

NIST 800-53 High-Impact Baseline for Red Hat Enterprise Linux CoreOS

Rules and Groups employed by this XCCDF Profile

  • Network Time Protocol

    The Network Time Protocol is used to manage the system clock over a network. Computer clocks are not very accurate, so time will drift unpredictabl...
    Group
    Show

  • Enable the NTP Daemon

    As a user with administrator privileges, log into a node in the relevant pool: <pre> $ oc debug node/$NODE_NAME </pre> At the <pre>sh-4.4#</pre> p...
    Rule Medium Severity
    Show

  • Disable chrony daemon from acting as server

    The <code>port</code> option in <code>/etc/chrony.conf</code> can be set to <code>0</code> to make chrony daemon to never open any listening port f...
    Rule Low Severity
    Show

  • Disable network management of chrony daemon

    The <code>cmdport</code> option in <code>/etc/chrony.conf</code> can be set to <code>0</code> to stop chrony daemon from listening on the UDP port ...
    Rule Low Severity
    Show

  • Configure Time Service Maxpoll Interval

    The <code>maxpoll</code> should be configured to <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_time_service_set_maxpoll" use="legacy...
    Rule Medium Severity
    Show

  • Specify Additional Remote NTP Servers

    Depending on specific functional requirements of a concrete production environment, the Red Hat Enterprise Linux CoreOS 4 system can be configured ...
    Rule Medium Severity
    Show

  • Specify a Remote NTP Server

    Depending on specific functional requirements of a concrete production environment, the Red Hat Enterprise Linux CoreOS 4 system can be configured ...
    Rule Medium Severity
    Show

  • SSH Server

    The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between tw...
    Group
    Show

  • Disable SSH Server If Possible

    Instead of using ssh to remotely log in to a cluster node, it is recommended to use <code>oc debug</code> The <code>sshd</code> service can be di...
    Rule High Severity
    Show

  • Verify Group Who Owns SSH Server config file

    To properly set the group owner of /etc/ssh/sshd_config, run the command: 
    $ sudo chgrp root /etc/ssh/sshd_config
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules